The Philippine government has made its position clear. President Ferdinand R. Marcos Jr. approved the National Cybersecurity Plan 2023-2028, issued through Executive Order No. 58 in February 2024, as a comprehensive roadmap to protect institutions and citizens. This is not an aspirational policy; it is an operational directive that makes National Cybersecurity Plan alignment a structural requirement for the private sector. For enterprises, the question is no longer whether this matters, but how far behind they already are.
Why the NCSP Matters for Businesses
The NCSP is built on a “whole-of-nation” premise. DICT Undersecretary Jeffrey Ian C. Dy has emphasised that private companies must collaborate through shared intelligence and coordinated action.
The threat landscape reinforces the urgency: Blue Voyant found over 80% of Philippine organisations experienced an average of three breaches in 2024, while Kroll reports that 75% of businesses have suffered attacks—far above the Asia-Pacific average of 59%. Aligning with the National Cybersecurity Plan is the only way to mitigate this systemic risk.
The Six Pillars of NCSP in Practice
The roadmap is structured around six operational pillars, each requiring a specific National Cybersecurity Plan alignment strategy:
1. Enactment of the Cybersecurity Act
This will formalise mandatory obligations, including incident reporting and minimum security standards.
2. Critical Information Infrastructure protection
The NCSP designates individual organisations as CIIs based on their operational consequence. If your failure would cascade into supply chains or financial systems, you must prioritise this pillar now.
3. Proactive threat detection
Moving beyond periodic reviews, this pillar emphasises continuous monitoring. Check Point identified eight third-party vendor breaches affecting Filipino clients in 2024, proving that quarterly reviews are no longer sufficient.
4. Operational CERT and SOC networks
Enterprises are expected to have an incident response capability that integrates with the cybersecurity incident response model established at the national level.
5. Capacitating the cybersecurity workforce
Investing in internal upskilling is an opportunity to attract the talent the plan seeks to develop.
6. International Cooperation and Standards Alignment
This signals a movement towards cross-border reporting and alignment with frameworks such as ISO 27001.
Where Philippine Enterprises Are Most Exposed
An honest assessment of current posture often reveals significant gaps in National Cybersecurity Plan alignment:
- Absence of continuous monitoring: Many organisations still depend on periodic reviews. Viettel urges data leak monitoring, a 24/7 SOC, third-party risk management, and a clear roadmap, warning that innovation without protection increases risk, according to Business Indonesia.
- Unmanaged third-party risk: Supply chain attacks are rising in the Philippines, including a major breach at the National Telecommunications Commission. BlueVoyant reports growing third-party threats, according to IndoSec.
- Undertested incident response: Many organisations have plans on paper, but tabletop exercises and live simulations remain uncommon outside large enterprises.
- AI-driven threat readiness: Cybercriminals now use AI-assisted malware that adapts to evade detection, industrialising deception at scale. Organisations relying on signature-based tools are structurally unprepared for this generation of attack.
- Credential exposure: In the first half of 2024 alone, over 315,000 credentials were compromised in the Philippines, reflecting a cyber environment under sustained attack.
What Alignment Looks Like in Practice
Achieving National Cybersecurity Plan alignment is an ongoing programme. For most, the journey follows a practical sequence:
For most enterprises, the journey follows a practical sequence:
- Start with a gap assessment: Map existing controls against NCSP expectations.
- Establish 24/7 visibility: Build proactive monitoring as a baseline requirement.
- Conduct regular VAPT: Perform structured vulnerability assessments across IT and OT environments.
- Operationalise incident response: Ensure your internal workflows align with the national cybersecurity incident response model.
- Implement third-party risk governance: Assess vendor security regularly to reduce supply chain exposure.
2028 Is Closer Than It Looks
The Philippines’ climb in the United Nations Global Cybersecurity Index, from 61st to 53rd place, shows that progress at the national level is measurable. Enterprises must match this momentum. Those who treat the deadline as distant will find themselves making reactive, expensive compliance investments later. Structured National Cybersecurity Plan alignment provides the governance and documentation that regulators will soon require.
Zentara’s team works with enterprises and government-linked organisations across the Philippines and the wider region to build security programmes that align with national frameworks including the NCSP. Our team holds ISO 27001 certification and operates in alignment with the international standards the NCSP is designed to converge with.
Start your NCSP alignment assessment before the regulatory window tightens.
